tv Fred Kaplan Dark Territory CSPAN October 11, 2017 1:03am-2:36am EDT
in his book uber dark territory, he writes about how agencies have used the tactics in past conflicts. he spoke at the think tank new america in washington, d.c. this is an hour and a half. >> now let me introduce fred kaplan. he has done a few things in his illustrative career. the national security and author
of four books, the new book as some people might imagine. a surprise winning journalist with his days at the "boston globe." in a while he will give a few minutes describing the book and what's in it. some of the themes and what we might contribute from that and then i will open up to the floor give you the opportunity to ask some questions and we will wrap up at 1:45.
[applause] ing didn't know what the title s going to be for a while but how long the history is it because most people think that it started with the outskirts of shanghai and no but now in prace goes back all the way to the dawn of the internet itself. this was the network where they would talk with one another in their computer program an into
there was a computer pioneer who was also on the scientific advisory board and wrote a paper that has been declassified since but he said here's the problem once you have accessed from multiple locations. he won't be able to keep secrets anymore. when i was doing my research i talked with this man and asked if they read the paper. i took it to the guys on the team with.
let's just do this one step at a time. they won't be able to do this for decades. two and a half, three decades the whole systems and networks have grown up with no provisions for security whatsoever. so i see this situation created from the very beginning. all of this went on noticed until june of 93 when ronald reagan watched a movie about camp david. one of the guys that wrote it, not when coming here tomorrow, his parents were hollywood producers and on the following
sunday he's in the white house to discuss the missile. and everybody there were national security advisers. he puts down his index cards and asked has anybody seen this movie. so he turns to the chairman of the joint chiefs of staff and says code something like this really happened can someone break into our computers. he comes back and says it is much worse than you think. so, one year later there was a national security about the
telecommunications security that went in a strange direction basically written by the nsa. the way they wrote it controlled the standards for all in the united states. government, military. so they reloaded so they would have security and the commerce department would have everything else. of course they had no ability to do this. they had no interest in securing the peace channels. at that time they were exploiting security gaps. so, for about a decade nothing was done about this problem and i won't go any further but the
point is these incidents at the dawn of the internet were extremely unlikely. it led to the systems and programs and the issues and policies and controversies in the decision to persist to this day. this is something that i discovered almost by accident. it turned out that i'm assuming you remember basically they get into the norad computer to something called human dialing,
he sets up a system and they dial the phone numbers and when the modem is reached they go back into the computer and it's just on some online game. is this possible. can somebody from the outside get in. so they called the corporation. he leaves the port open and if somebody happened to dial the number to get in, the only
secure computer is the computer that nobody can use so that is the lesson we all learned. we will be talking to him about for the next movie is going to be about. before we get there, you've written a history of cyber war and when people write about this, people tend to study so they can get a sense of how to
fight battles in the future. what do you think having done your research and writing the book on the offensive team 1983 and now students of the cyber war should look back on and instead of working the battlefield of gettysburg to study for the future. >> i guess a pivotal moment came in 1997. he'd been then the commander of something called san antonio where they were doing things about cybersecurity. he couldn't get any of the other
officers interested at all. of 25 team members would hack into the departments and would have to use commercial available equipment. so they prepared scoping out the networks and what they would do. people who were victimized, the only people that knew about it for the people doing it and the lawyers.
it turned out that within four days they hacked into all of the defense department networks including the command center which is how the president communicate. sometimes they would just leave a marker and sometimes they would intercept messages like what going on here i don't know what's happening. there was a marine in the pacific who knew something was going on but even if you knew something was going on, what do you do about this they unplugged the computer from the internet. here's what we found and here's some passwords we dug out and here's the tape recorder, we
then there were the defense networks looking around for particular things and they traced it back. then the chinese started doing it and one thing very interesting when the nsa was in spite of the defense department networks they noticed them strolling around so this was already really happening. in 1997. but then there were other things. remember when they were planning to invade haiti into favor
and then they were able to hone in on the plan and the defense system was why you're afraid of. so it would look like there were planes coming from the northwest. so they would send messages saying we know you own this copper plant we are going to get rid of most such and they would turn out the lights and if you keep this up we are going to bomb you tomorrow. so that's how because they wee it threatened by information warfare so this is the first information warfare.
it's about one tenth of what we could have done but after that, we know about some of the things. i will give one more en and thae should probably move on. when they bombed the syrian reactor they were helped by the north korean scientists they didn't acknowledge it a it is dd to about 150 miles from the territory without being detected even though they just installed the missiles and radar. what happened is they used the program developed by the air force and implemented by nsa to
the people looking at the screen for nothing. the radar was protecting so it took a little nerve to continue. they were able to intercept to make sure this worked, to make sure they really were saying nothing, and they were saying nothing. our screens show nothing. we accepted the idea and this is the only thing i will retract a
bit. it was the change of strategy. basically they capture and get into the systems and did things saying let's meet at such and such place by 4:00 and there will be some force is waiting there to kill them or they would detect somebody planting a roadside bomb but then you have to send the data back to washington. within one minute they could target through the techniques they killed 4,000.
they decided they should send a delegation to moscow. maybe they didn't know that this was going on and it was presented as a criminal investigation seeking assistance from the russian federation. so they sent over this delegation into there was a general in the military helping out. we will not stand for this. so they were going to be there for five or six days. we would go around sightseeing and then on the fourth day, there is nothing.
livlist to the establishment of new organizations of the network defense and computer operations but there was a parallel development going on in the white house where people started to realize the critical infrastructure is vulnerable. can you talk more about what he was up to? >> as all of this other stuff was going on, a couple years before the oklahoma city bombings, it led to the policy and they started setting up a joint task force on the critical infrastructure working group.
so then there's some electrical facilities into something that could affect the entire economy. so transportation, banking and finance and then they decided most working groups like this. they thought it's pretty obvious if you protect something from physical damage, but there is this other thing going on, vulnerability to electronic and computer hacking and that sort of thing. so as the report is written, half of it and this is where the term was used, they talked about the two types of
vulnerabilities, fiscal and cyber and this i assessing future somebody could do more damage with a keyboard and with a bomb. they were looking at it as a new nuclear weapon. in 97, this analyst named richard clarke was put in charge of this and he didn't know anything about computers. they would go to talk to executives and microsoft has a lot of operating systems. but nobody knew about anything else and they didn't know about vulnerabilities and the things in between. i don't know how much you want me to get into this but he met
them in the square and this whole group is called the law on the second floor of the warehouse in boston and they have stuff and they were able to do things there, replicate any kind of equipment, hack into anything and got changed the whole model. he realized okay you are getting things word you are able to do things that in the white house we have said on th many nationstates can do and clark at the time was chasing osama bin laden and said this will be
great for part of my portfolio, cyber terrorism. if they were terrorists they could do acts, so this was the whole cyber war and what it might result in. this one thing that has not panned out yet. i don't think there are any terrorist groups out there that are able to do things as the hackers are getting paid to do things in the infrastructure. >> is there yet one more iteration where the surveillance becomes a part of the story? can you talk about the impact of the changes and the technology that takes us up that?
>> up to about this time, they were intercepting radio signals into that kind of thing. then they noticed the hippies listening towers over the world and certain parts of the world nothing is coming in anymore. they are not getting any communications because they've gone to fiber optics and they have no' to do this. somebody that has been a director before wrote a paper for that classified congressional committee that was called are we a going to. the cold war was ending about this time, too.
the nsa used the divide in the group tracking the russians and the rest of the group. shouldn't this becomes quite a lot, and this is where we get into the movie sneakers. so, mike mcconnell gets into the nsa looking around saying what does this organization to? we are not getting the radio signals anymore. what do we do? >> here is a map of the communication and that you need to look at and the only maps of fiber optics. okay that's interesting.
so for those who didn't see it, it's about hackers. nothing like this existed so there was a kind of ridiculous plots where they get a call from the nsa with a decrypting code and it turns out the nsa people were the criminals and he was working for the government to try to get back. it's one thing where ben kingsley who is kind of an evil mastermind who used to be a college roommate and there's this whole monologue is about the information. so he sits up in his chair and said this is our mission statement now. since goes back and gets the
last reel of the film and has everybody at the nsa watching. he tells everybody to go watch this movie and to even take off the afternoon to go watch the movie. he takes one of the best field offices, brings him back to fort meade, creates a child called the director of information warfare and all these kind of may send outfits around the military and this is the information warfare center. but what they really did is create the access operation so they figured out how to get into the computers and so they said i need to get into this guy's e-mail.
so we designed the phon where tr the radio signal anymore. it now they created an air gap. how do we cross over to air gap and then there's the information center. they look over and plant a device and with that i would insert some malware and kept him from that. he said what can i do to protect myself and i said if all you're interested is keeping out petty criminals, there are things you can do.
but somebody that really knows what he's doing and want some that you have the resources of the nationstate. the pentagon, this is skipping ahead a little bit, but they had a special panel on the cyber warfare and concluded the inherent fragility of the infrastructure. the inherent fragility. they report it and looked at the record and the red team was tasked to hack into the command control system.
the advantage is built on things that are networked and it's back to the tang and rifles. so that's what people are very worried about. >> one of the other things raises the important question of what it means for the nature of warfare going forward. that's a lot of information and the attack on the civilian system that may not be as well protected, what does this mean
for a student of national security? >> there are a lot of networks that are not classified. how do you get supplies, a lot of that is on the open networks. they play the games that people mess with that on the air task orders are supposed to play this up is to meet up with a refueling plane. you can do a lot of funny business with that and not even know that it happened. so, that sort of thing.
they've reduced the number of intersections between their own network and the internet to about eight. they can do that so they can actually see when somebody is coming over. civilian governments there are hundreds and thousands. even if they had the right, the department of homeland security that supposedly are out to lunch so that's what this led to a
there's this directive they tried to get the critical infrastructures to get some security going that you trust that you with your money won't g. while we hear a lot about the banks, there are thousands of attempts a day but not very many get in. you've given some advice on the best practices and the amount
then you have a month to fix this. nobody has the power to do that. one thing several people told me that they learned about the executive branch and maybe some of you know this, people go to the executive branch and say i'm going to create policy. about 10% is creating policy and the other is implemented. they are going back time and time to make sure that it's still implemented. it is what has always been lacking and it's always been known on a presidential level for more than 30 years.
different subjects in the light of the problem of critical infrastructure. i have people being kidnapped and killed over here right now it's like the scene in all the presidents men. it still looks very theoretical to a lot of people. something has to be decided tomorrow. it is very difficult to focus your attention on something as complicated as this of which there doesn't seem to be an obvious solution. we have a room full of people.
some are better than others. they are good at hacking into the times and the journal so maybe it's a little harder to get into now. another thing if somebody launches a ballistic missile n go from one place to another to another. they are getting better at tracing that but it's still not a 100% thing you want to know the reason why we know they
what the deterrence means. how big of an impact robert gates asked at what point does this constitute an act of war and they wrote that under certain circumstances because nobody has. with nuclear weapons there is a red line between them using nuclear weapons. that is one reason nobody is using them in the past few years because you don't know what's going to happen afterwards. there are cyber attacks going on thousands of times a day and
nobody knows where the line of attack is. there's this attack that just happened when they attacked over a movie who would have thought that. so there are many opportunities for misunderstanding things getting out of hand because one person's nuisance turns out to be a national threat and then what happens on day number two. i said i don't know if they're trying to figure that out.
it's something that they just haven't thought through and part of the reason is tied up in the nsa. the joke used to be that it stood for no such agency. even when the bomb went off in 1945, certain things that were classified. they are well understood and from the beginning we have civilian strategists thinking about what does this mean, what does deterrence means. they arrived up in things thinking about this and having
book. then i looked it up, did a google search of dark territory and what does this mean, i didn't want to have some obscenity so it turns out this is a north american rebel that signifies the stretch of track that is ungoverned by [inaudible] and i'm thinking wow, that is perfect. i wrote him an e-mail and said did you know this and he said oh yeah, my grandfather worked as a stationmaster on the santa fe railroad across kansas for 50 years. we talked railroad terminology all the time. so, that is where i get the perfect description of what is going on except the stretch is much bigger, the engineers are unknown, the consequences of a collision are far more cataclysmic than two trains and that is the situation we are in.
>> i have no interest in speaking for the us government but there are beginnings of this work and the strong relation to the chinese and the -- they are talking about setting up a forum to discuss a process by which they can discuss rules of the road. it is that far out but now gates said this when you are talking about russia and israel in france and china, now how do you bring north korea and iran and syria and how do you bring these guys into this cooperative back room and you know, in the back room someplace and how to divvy up the heroin market. how do you do this now? it's a tough one.
there is a document -- one of the documents that snowden out called tpd 20 which was cyber operation policy and it had certain things like different departments were supposed to do and one of them was precisely this, setting rules of the road, state department. there was a progress report a year later pending, progress report was pending. it's the hardest thing in the world to do because the other thing is if you are going to say okay let's stay out of each other's whatever, electrical power plants, you've got to stay out of their electrical power plants, too, and how can this be verified. how do you know that they are not in the one time -- the first discovery of a known intrusion into a classified territory happened in 2008 called buckshot
yankee operation and they discovered soviet russian it's and other things inside a classified network of us central command. they discovered this because they had the entrance points locked. what if someone is in there messing around and they thought we should go look for the networks and see if anyone is in there and they discovered someone in there. they hadn't gone looking, they might still be in there. so, it's a very -- we are talking about things we have lines of code and thereby meet malware taking up 150 lines of code so how do you even detect that contract how do you detect the lines of code within something that is millions of lines of code it's
within five minutes they come up with a concept solution. within 24 hours, they have the solution, tested it and put it into motion. so by monday morning, people were alerted to this and going around counting the number of computers that might be infected and he's saying ridiculous. so he did what people had been urging him to do for a while and put the director of the nsa in
charge of cyber command as well. and that is when the offense and defense knew what happened. the problem was with the same technology and the only company that knows how to do this everybody else is completely left-sided. so okay, we now have $7 billion. they have links with the combatant commands and if they are devising and have action plans. tens of thousands of people assigned to this. where is your area of growth and yet as i was saying a few minutes ago, there is no concept of deterrence or what happens on the second day of the cyber war
so you have this machinery and it is all incredibly classified. this machinery going up so you are advanced in the technology field before even the finished the year of the policy and strategy have been cemented in two. is it that this event is kind of a dangerous thing. >> the gentleman in the middle. david spencer, georgetown students. what do you propose we do to respond to the level of cyber attacks? >> what do you mean by strategic
-- >> strategically or hypothetically in the situation not energy but other critical infrastructures safe transportation. >> one thing that's true about our economy if you shut down the subway system of new york with what goes on in washington, san francisco, some countries it could be shot down like transportation and tokyo. they are expending on the smart grid for cyber purposes but it still doesn't take up the entire country. in some ways, everything just
looks up to computer networks to get the economies of scale. you have everything monitored by sensors and it makes perfect sense. >> it's everything in control of the computer network. they didn't shut down the centrifuges. they manipulated the control devices that were governing. so there's something that's controlling the amount of water going in and out and the amount
flowing through the electrical line. in some ways, the networks are set up in a way that is hard to defend them. the trend in economic commerce is to make them more and more centralized. they want something going on in the entire region of the united states controlled by then this was done. they looked to them like security, what do you mean? you can do things to make the networks more secure.
maybe it's been open for years and short of starting all over, which nobody is going to do, it's like they were in control and they would go to the government and say what can you do to help us? while, one thing we can do is just sitting on your network, no, not really. maybe we can give you some of this information sharing ideas and come in for commentary secf
briefing with some tools you can use in the justice department. this isn't typical of a terribly happy ending. >> [inaudible] you might argue one of the factors that are at play [inaudible] is a certain amount of deterrence and now russia and china have their stuff hooked up to the networks. the more this happens the more
it rises up suite is a dark territory rise. can you wait for the people who are online? it's slow and the wind technology leaders. as far as you are aware, has the government done anything to create, classify some kind of safe environment for technology leaders to be talking to them about how the government could be aware and leverage that?
>> in the defense industry there was a security base. there are lots of interchanges like this like lockheed martin. luckily there's about three big defense companies left. there are things like that are available. and in recent years, again, there is information sharing system. when he was the cyber guy in the white house that was a certain authoritarian personality. he wanted to create basically an
>> [inaudible] >> speak into the microphone, please. >> there is some thinking to make innovative companies comfortable about what they are doing because it would be a position to manage one of the hackers in my book went to work for about 1 18 months have created 140 projects, the most expensive of which $100,000. he funded the experiment when they hacked into a jeep cherokee to show this is the way to do
>> wednesday at the conference we had prevented this for the security officials specifically talking up the public-private partnerships >> retired physicist, spent a lot of my career. as i look around at the defense department, a very vulnerable place to attack you would think somehow the signals are going out over the air someplace. are there any stories about that happening? >> there've been certain rumors,
know what is in this phone that they need right now for national security purposes they could send the letter to the nsa and the attorney general. they didn't require the active cooperation with the bat. at the same time i think basically what the fbi is trying to do is looking for a new legal precedent that gives them the authority to do this sort of thing before encryption gets really, really hard.
when this started happening i talked with a number of people in the intelligence agency, and i am pretty convinced there's a way they could have cooperated without having to write a whole new operating system which they say they were being forced to do. the way this works is a security feature that if you type in the ten passcodes and everything else what the fbi could do is create a program, we don't even have to be in the same room.
so that's after 10,000 tries. we need to have you take away this linear. i'm told he can play people on this side of this there are ways they can make that change without writing a whole new operating system. what they are concerned about is once they succumb to this that could be succumbing to other things were saying the things the fbi had to do, we want to have you do that although the chinese could do that anyway.
somebody said i don't know if i can quietly cooperate on this one because you talk about he's dead and has no privacy rights. for practical reasons and political operatives it doesn't look like a great test case for apple. they are writing amicus briefs and if you have a contract with the government you want to sell